CVE-2019-17075

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.

References

https://lore.kernel.org/lkml/[email protected]

https://seclists.org/bugtraq/2019/Nov/11

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

https://usn.ubuntu.com/4208-1/

https://usn.ubuntu.com/4210-1/

https://usn.ubuntu.com/4211-2/

https://usn.ubuntu.com/4211-1/

https://usn.ubuntu.com/4226-1/

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2019-10-01

Updated: 2021-06-14

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.3.2 (inclusive)

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141207Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)NessusOracle Linux Local Security Checks
critical
140499Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)NessusOracle Linux Local Security Checks
critical
134486EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)NessusHuawei Local Security Checks
critical
134240Debian DLA-2114-1 : linux-4.9 security updateNessusDebian Local Security Checks
critical
132796EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)NessusHuawei Local Security Checks
critical
132690Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1)NessusUbuntu Local Security Checks
critical
132499NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)NessusNewStart CGSL Local Security Checks
high
132490NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)NessusNewStart CGSL Local Security Checks
high
132134EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)NessusHuawei Local Security Checks
high
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
131805EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)NessusHuawei Local Security Checks
high
131565Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)NessusUbuntu Local Security Checks
critical
131564Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, (USN-4210-1)NessusUbuntu Local Security Checks
critical
131562Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle (USN-4208-1)NessusUbuntu Local Security Checks
critical
131349EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)NessusHuawei Local Security Checks
high
130751Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)NessusSlackware Local Security Checks
critical